Device Enrollment
Architecture
ManageEngine Mobile Device Manager Plus can be used to deploy configuration settings and security commands and to retrieve asset data over-the-air (OTA). All communication from Mobile Device Manager Plus to the mobile device is routed through intermediate services: APNs for iOS devices, FCM for Android devices and WNS for Windows phones. A live TCP connection is maintained with the intermediate service. APNs, FCM and WNS act as intermediate wake-up services that wake up the device whenever an action is triggered from Mobile Device Manager Plus. WNS is used only for phones running Windows 8.1 and is not available for mobile phones running Windows 8. The managed mobile device communicates with Mobile Device Manager Plus to receive instructions and report back status and data.
Port Details
Ports to be opened if the mobile device uses Wi-Fi to reach the Mobile Device Manager Plus Server:
- 5223 - If the mobile device connects to the internet through Wi-Fi, this port should be open. For better security, you can restrict these connections to the IP range 17.0.0.0/8. If all the managed devices have access to a cellular data network, this requirement does not apply (HTTPS port).
- Port numbers 5228, 5229 and 5230 (HTTPS port) should be open on the firewall if the mobile device connects to the internet through Wi-Fi. This enables communication between the mobile devices and FCM. As FCM doesn't provide specific IPs, you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.
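The port requirements above can be checked against an exported list of outbound allow rules. The following is an added example, not part of the ManageEngine documentation: the rule format (destination CIDR, low port, high port) and the function names are assumptions, and the FCM prefix is a documentation-range placeholder to be replaced with the blocks currently listed for Google's ASN 15169.

```python
import ipaddress

# 17.0.0.0/8 is the range the page gives for restricting port 5223.
PORT_5223_NET = ipaddress.ip_network("17.0.0.0/8")
FCM_PORTS = (5228, 5229, 5230)
# PLACEHOLDER (documentation range): replace with the IP blocks currently
# listed for Google's ASN 15169, which the page does not enumerate.
FCM_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def _allowed_v4(rules, port):
    """Collapsed IPv4 destinations that the rule set allows for one TCP port."""
    nets = [n for n, lo, hi in rules if lo <= port <= hi and n.version == 4]
    return list(ipaddress.collapse_addresses(nets))

def _reachable(rules, port, needed):
    """True if the whole 'needed' network is allowed on 'port'."""
    return any(needed.subnet_of(n) for n in _allowed_v4(rules, port))

def audit(raw_rules):
    """raw_rules: outbound TCP allow rules as (dest_cidr, port_lo, port_hi)."""
    rules = [(ipaddress.ip_network(c), lo, hi) for c, lo, hi in raw_rules]
    findings = []
    if not _reachable(rules, 5223, PORT_5223_NET):
        findings.append("MISSING tcp/5223 -> 17.0.0.0/8")
    # Flag any rule that opens 5223 to destinations outside 17.0.0.0/8.
    for net, lo, hi in rules:
        inside = net.version == 4 and net.subnet_of(PORT_5223_NET)
        if lo <= 5223 <= hi and not inside:
            findings.append(f"BROAD tcp/5223 -> {net} (restrict to 17.0.0.0/8)")
    for port in FCM_PORTS:
        for needed in FCM_NETS:
            if not _reachable(rules, port, needed):
                findings.append(f"MISSING tcp/{port} -> {needed}")
    return findings

# Constructed sample rule sets (not taken from any real firewall).
RESTRICTED = [("17.0.0.0/9", 5223, 5223), ("17.128.0.0/9", 5223, 5223),
              ("203.0.113.0/24", 5228, 5230)]
PERMISSIVE = [("0.0.0.0/0", 5223, 5223)]

if __name__ == "__main__":
    for name, rs in (("RESTRICTED", RESTRICTED), ("PERMISSIVE", PERMISSIVE)):
        print(name, audit(rs) or "OK")
```

Adjacent rules are merged before the coverage check, so a range split across several rules still counts as reachable.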
Setting up and Enrolling the mobile devices:
iOS devices
- Creating APNs Certificate
- Enroll iOS devices
- Enroll iOS devices using Apple Configurator
- Enroll iOS devices using Device Enrollment Program (DEP)
Android devices
- Enroll Android devices
- Enroll Android devices using Near Field Communication (NFC)
- Enroll Android devices using QR code